Month: September 2024
Sep 11, 2024Ravie LakshmananMalware / Software Development Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. “The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews,” ReversingLabs researcher…
Read More
ESET researchers have mapped the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs. CosmicBeetle actively deploys ScRansom to SMBs in various parts of the world. While not being top notch, the threat actor is able to compromise interesting targets. CosmicBeetle replaced its previously…
Read More
Sep 11, 2024Ravie LakshmananEnterprise Security / Vulnerability Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows – CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data vulnerability that allows…
Read More
Sep 11, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important,…
Read More
5 Upcoming Ransomware Variants and Groups to Watch In 2024 Ransomware has continued to evolve with the emergence of new and sophisticated threats. While established groups like LockBit and BlackCat still dominate a significant portion of reported attacks, new players and variants are increasingly making their presence felt. This article looks into five notable ransomware…
Read More
In an Oracle CloudWorld keynote, the Oracle founder and CTO also held up the company’s new alliance with Amazon Web Services as the start of the “open multi-cloud era.” Oracle’s next-generation network security technology, which leverages AI and biometric authentication to thwart cyber threats, is now available in the Oracle Cloud, Oracle founder, chairman and…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-100 DATE(S) ISSUED: 09/10/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe is a software that is used for creating and publishing a wide variety of contents including graphics, photography, illustration, animation, multimedia, motion pictures and print. Successful exploitation…
Read More
‘The strategy behind acquiring both SkyKick and Axcient was to further expand our cybersecurity and data protection portfolios,’ said Ameer Karim, executive vice president and general manager at ConnectWise. ‘As cyber threats evolve, data protection and cybersecurity must go hand-in-hand.’ In a move to bolster its cybersecurity and data protection capabilities, ConnectWise has acquired Axcient…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-099 DATE(S) ISSUED: 09/10/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet.…
Read More
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months…
Read More